xbcrypt in Percona XtraBackup prior to 2.3.6 and 2.4.x prior to 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent malicious users to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.
Vulnerable Product |
---|
percona xtrabackup |
percona xtrabackup 2.4.1 |
percona xtrabackup 2.4.0 |
percona xtrabackup 2.4.3 |
percona xtrabackup 2.4.2 |
percona xtrabackup 2.4.4 |
opensuse leap 42.2 |
opensuse leap 42.1 |
fedoraproject fedora 25 |
fedoraproject fedora 24 |
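
A version check for the ranges stated in the description (prior to 2.3.6, and 2.4.x prior to 2.4.5), added here as an example; it is not Percona's or Vulmon's code. The host names and package strings in the sample inventory are constructed, and because a distribution package can carry a backported fix under an older version number, a match means "check the vendor advisory for that package".

```python
import re

# Fixed releases named in the advisory text: 2.3.6 covers the 2.3 line and
# everything older, 2.4.5 covers the 2.4 line.
FIXED_23 = (2, 3, 6)
FIXED_24 = (2, 4, 5)


def parse_version(text):
    """Return (major, minor, patch) from a string such as '2.4.4' or
    '2.4.4-1.el7'. A missing patch component counts as 0."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version_text):
    """True when the version falls in a range the advisory lists.

    Components are compared as integers, so 2.3.10 sorts after 2.3.6
    (a plain string comparison would get that wrong)."""
    v = parse_version(version_text)
    if v[:2] == (2, 4):
        return v < FIXED_24
    return v < FIXED_23


def audit(inventory):
    """Take {host: version string}; return sorted (host, version) pairs
    that fall in an affected range."""
    return sorted((h, v) for h, v in inventory.items() if is_affected(v))


# Constructed sample inventory (hypothetical hosts and package versions).
SAMPLE_INVENTORY = {
    "db-01": "2.4.4-1.el7",
    "db-02": "2.4.5",
    "db-03": "2.3.10",
    "db-04": "2.2.13",
    "db-05": "2.3.5",
}

if __name__ == "__main__":
    for host, version in audit(SAMPLE_INVENTORY):
        print(f"{host}: xtrabackup {version} is in an affected range")
```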